| Immutable objects should be {{const}}\-qualified.  Enforcing object immutability using {{const}}\-qualification helps ensure the correctness and security of applications.  ISO/IEC PDTR 24772, for example, recommends labeling parameters as constant to avoid the unintentional modification of function arguments \[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\].  [STR05-A. Use pointers to const when referring to string literals] describes a specialized case of this recommendation.  | 
Adding const qualification may propagate through a program; as you add const qualifiers, still more become necessary. This phenomenon is sometimes called "const poisoning."  Const poisoning can frequently lead to violations of EXP05-A. Do not cast away a const qualification. While const qualification is a good idea, the costs may outweigh the value in the remediation of existing code.
Macros, or an enumeration constant, may also be used instead of a const-qualified object. DCL06-A. Use meaningful symbolic constants to represent literal values in program logic describes the relative merits of using const-qualified objects, enumeration constants, and object-like macros. However, adding a const qualifier to an existing variable is a better first step than replacing the variable with an enumeration constant or macro, because the compiler will issue warnings on any code that changes your const-qualified variable. Once you have verified that a const-qualified variable is not changed by any code, you may consider changing it to an enumeration constant or macro, as best fits your design.
In the following non-compliant code, pi is declared as a float.  Although pi is a mathematical constant, its value is not protected from accidental modification.
| float pi = 3.14159f; float degrees; float radians; /* ... */ radians = degrees * pi / 180; | 
In this compliant solution, pi is declared as a const-qualified object.
| float const pi = 3.14159f; float degrees; float radians; /* ... */ radians = degrees * pi / 180; | 
Failing to const-qualify immutable objects can result in a constant being modified at runtime.
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| DCL00-A | low | unlikely | high | P1 | L3 | 
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
| \[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.7.3, "Type qualifiers" \[[Saks 00|AA. C References#Saks 00]\] Dan Saks. [Numeric Literals|http://www.embedded.com/2000/0009/0009pp.htm]. Embedded Systems Programming. September, 2000. | 
02. Declarations and Initialization (DCL) 02. Declarations and Initialization (DCL) DCL01-A. Do not reuse variable names in subscopes